> The classic approach [Internet -> Router -> Server] is a recipe for disaster
I never really get that. If my router gets updates and the only thing I do to it is forward one port to the server, I don't really see how wrong it can go?
The Cloudflare tunnel doesn't change the fact that there is a server exposed to the Internet. And adding a reverse proxy in front of the server does not necessarily make it more secure, does it?
I mean, if I cannot update my router and open a single port properly, should I trust myself to setup a reverse proxy?
My main issue is that I didn't want to expose the ports to the internet. The only port now exposed on my server is the SSH port only. Everything else is just handled through the connection between the cloudflared daemon and cloudflare itself.
> The classic approach [Internet -> Router -> Server] is a recipe for disaster
I never really get that. If my router gets updates and the only thing I do to it is forward one port to the server, I don't really see how wrong it can go?
The Cloudflare tunnel doesn't change the fact that there is a server exposed to the Internet. And adding a reverse proxy in front of the server does not necessarily make it more secure, does it?
I mean, if I cannot update my router and open a single port properly, should I trust myself to setup a reverse proxy?
My main issue is that I didn't want to expose the ports to the internet. The only port now exposed on my server is the SSH port only. Everything else is just handled through the connection between the cloudflared daemon and cloudflare itself.